Home

Description

billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding.

PUBLISHED Reserved 2026-01-28 | Published 2026-01-28 | Updated 2026-01-28 | Assigner naver

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status
affected

3.18.0
unaffected

Credits

Jesper den Boer finder

References

cve.naver.com/detail/cve-2026-1513.html vendor-advisory

cve.org (CVE-2026-1513)

nvd.nist.gov (CVE-2026-1513)

Download JSON